March 25, 2009

I wanted to demonstrate the level of sophistication behind the back-end Command and Control servers for many of these web-based, usually P2P, botnets. Included are support contracts, fees for advanced services, reporting and sometimes the occasional backdoor! Duh.

As currently shown by the the following pack is now very popular.

, currently considered by many analysts to be at the head of the pack in terms of obfuscation and features.

The pack generates obfuscated JavaScript at runtime in order to establish an encrypted communication session with the browser using asymmetric encryption. The browser then sends back its critical details: user agent, ActiveX controls, plugins, and platform information.

Based on this exchange, the pack sends an exploit crafted JUST FOR THE VICTIM. Whee. How special.
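From the log side, per-session script generation plus a per-victim exploit has one tell: the landing URL never hands two visitors the same response body. The following is an added defender-side example, not code from the original post or from any kit; the log format and the sample records are constructed for it.

```python
import re
from collections import defaultdict

# Assumed log format (constructed, not from the original post): one line per
# response, as a proxy that records a short digest of each response body might
# emit: client "User-Agent" URL status body-digest
LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<ua>[^"]*)" (?P<url>\S+) (?P<status>\d{3}) (?P<digest>[0-9a-f]{8})$'
)

# Constructed sample: /in.php never returns the same bytes twice, not even to
# the same browser type (regenerated obfuscated script plus a per-victim
# payload); /logo.png serves identical bytes to everyone.
SAMPLE_LOGS = """\
10.0.0.5 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" /in.php 200 3a1f9c2e
10.0.0.6 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" /in.php 200 7d0b4e11
10.0.0.7 "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9) Gecko/2008052906 Firefox/3.0" /in.php 200 c9e2aa07
10.0.0.8 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" /in.php 200 e4b07f52
10.0.0.5 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" /logo.png 200 5555aaaa
10.0.0.6 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)" /logo.png 200 5555aaaa
10.0.0.7 "Mozilla/5.0 (Windows; U; Windows NT 5.1; rv:1.9) Gecko/2008052906 Firefox/3.0" /logo.png 200 5555aaaa
"""

def parse_records(log_text):
    """Yield (ua, url, digest) for each well-formed 200 response; skip junk lines."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("status") == "200":
            yield m.group("ua"), m.group("url"), m.group("digest")

def find_tailored_urls(log_text, min_requests=3):
    """Return {url: {"requests": n, "browsers": k}} for URLs that never repeat a body.

    A static page gives repeat visitors identical bytes; a kit that regenerates its
    script per session and picks the exploit per victim does not. Pages with
    rotating ads or per-request tokens will also trip this: a triage signal, not a verdict.
    """
    seen = defaultdict(lambda: {"digests": set(), "uas": set(), "requests": 0})
    for ua, url, digest in parse_records(log_text):
        rec = seen[url]
        rec["requests"] += 1
        rec["digests"].add(digest)
        rec["uas"].add(ua)
    return {
        url: {"requests": rec["requests"], "browsers": len(rec["uas"])}
        for url, rec in seen.items()
        if rec["requests"] >= min_requests and len(rec["digests"]) == rec["requests"]
    }
```

Raise `min_requests` on busy sites so that a handful of cache-busted fetches does not produce noise.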